CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-2347

E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.4%

CVSS Severity

CVSS v2 Score 5.0

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.html
http://secunia.com/advisories/20071
http://securityreason.com/securityalert/891
http://www.securityfocus.com/archive/1/433807/100/0/threaded
http://www.securityfocus.com/bid/17933
http://www.vupen.com/english/advisories/2006/1784
https://exchange.xforce.ibmcloud.com/vulnerabilities/26476
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.html
http://secunia.com/advisories/20071
http://securityreason.com/securityalert/891
http://www.securityfocus.com/archive/1/433807/100/0/threaded
http://www.securityfocus.com/bid/17933
http://www.vupen.com/english/advisories/2006/1784
https://exchange.xforce.ibmcloud.com/vulnerabilities/26476

Products affected by CVE-2006-2347

Oasyssoft » E-Business Designer » Version: Any

cpe:2.3:a:oasyssoft:e-business_designer:*
Oasyssoft » E-Business Designer » Version: 2.3.3

cpe:2.3:a:oasyssoft:e-business_designer:2.3.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-2347

Products

Pricing

Contact Us